npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

By Ax Sharma on February 29, 2024 vulnerabilities

4 minute read time

Sonatype has identified multiple open source packages that infect npm developers with a Windows info-stealer and crypto-stealer called Bladeroid
Read More...

The curious case of 'csrf-magic': A case study in supply chain poisoning

By Ax Sharma on February 27, 2024 vulnerability

5 minute read time

Learn how a so-called code injection vulnerability was in fact a backdoor in an open source component, csrf-magic, to help secure your application against Cross-Site Request Forgery attacks.
Read More...

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages
Read More...

A guide for open source software (OSS) security

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains
Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.
Read More...

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems
Read More...

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...

Supply chain security inside and out

3 minute read time

Every organization needs to safeguard their SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.
Read More...

Protecting software developers from malware with AI/ML insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.
Read More...